February 2, 2017 - For years we've been writing about the many data breaches that have occurred on federal government computer systems. It's no secret that the government's record on cybersecurity is abysmal at best. But there are indications that President Trump is taking cybersecurity seriously and will be signing an executive order on the matter in the coming days.
It's been several years now since 20 million veterans, military contractors, and some active duty military personnel had their personal data exposed by the Pentagon in what was at the time a massive data breach. But that breach was subsequently dwarfed by additional federal breaches. We've openly wondered whether or not the federal government had done anything in some departments to protect the data of American citizens.
What is clear is that the new administration intends to take data security more seriously than any prior administration. Yesterday President Trump was due to sign an executive order on cybersecurity. The signing was postponed at the last minute, but we expect an updated executive order will be signed by him sometime in the near future.
The White House has not released a final copy of the order, nor have they said why the president postponed the signing, but a leaked copy was obtained by The Washington Post. Based on that copy, we suspect the president decided to postpone signing because of certain procedural problems it may have created. We also suspect that the order underestimated the scope of the problem and will require some tailoring in order for it to be effective.
Specifically, the order would have placed the White House Office of Management and Budget in charge of cybersecurity. That may have created problems with both the DHS and the Department of Defense, both of which have extensive experience with and large staffs dedicated to computer security and hacking. There may also have been some confusion about ultimate accountability. While the order had the OMB responsible for the entire executive branch, it also directed agency heads to develop their own best practices for each agency.
And because the draft order only gave department heads 60 days to come up with initial proposals to address their cybersecurity issues, that may not have provided enough time for anyone to come up with anything viable.
One of the largest problems faced when it comes to protecting government computer systems is that they also have to interface with private computer systems run by corporations doing business with the government. This means that both the government and those corporations need to be on the same page. Given the number of private contractors that do business with the United States government, the task is herculean.
The good news is that it is obvious the president intends to develop a "single point of contact" that will ultimately be responsible for executive branch agency cybersecurity. That's a monumental step forward. He's also made it clear that he will hold his department heads personally responsible for any data breaches that occur on their department's government systems. What that actually means in terms of data protection is unknown at this point, but it is refreshing to see a head of state who actually believes the government should be accountable to the people who employ it.
When a final executive order is available, we'll let you know what it contains.
by Jim Malmberg